IBM Notes plug-in signature verification mechanism and its application

Introduction

With the popularity of the Eclipse rich client PLATFORM,RCP, more and more features come in as Plug-ins. This allows the enterprise, in addition to its own development of plug-ins, can also choose to use Third-party-provided plug-ins. But the internet plug-ins are all over the world, how to ensure the security of the source of Plug-ins is a problem faced by enterprises. The digital signature technology based on public Key Infrastructure (INFRASTRUCTURE,PKI) provides a good solution for this problem. The plug-in provider uses its private key (the encryption process) to digitally sign the plug-in it is developing, while the user verifies the plug-in signature (i.e., decryption and verification process) with the public key (publicly key) that is exposed by the provider. In this way, it is technically possible to ensure that the plug-in is actually provided by the trusted organization, while also ensuring that the plug-in content is not maliciously tampered with, that is, integrity.

Plug-in signature verification mechanism in IBM Notes

Notes's plug-in signature verification mechanism is based on the implementation of Eclipse, but also according to its own product characteristics of the corresponding expansion. In Notes, the process of verifying the plug-in signature is:

Gets the signature certificate data from the signed plug-in and builds the memory certificate object.

Load the appropriate certificate library according to the different stages you are in (Notes installation or after installation).

In Notes, the following two scenarios trigger a plug-in signature security check:

First, during the Notes installation, all plug-ins located in the installation package must be signed by the trusted entity by default, which will cause the plug-in installation to fail. The Notes version production team has preset all the certificates required for the process during the generation of the Notes installation package. Therefore, there is no security warning when installing Plug-ins in the default Notes installation package provided by IBM, because their signatures can be validated. For example, in the Windows installer package, the certificate library file involved in the procedure is the. KeyStore in the Deploy directory of the installation package. Ibm_j9_jvm.install;

Second, after the Notes installation is complete, if the customer wants to deploy their own development or third party development of Plug-ins, then need to use the installation/update (install/update) to complete. In Windows, for example, this process involves a certificate library file that is a certificate library file in a Notes-only JVM, with the path \notes\jvm\lib\security\cacerts under the installation directory, with the default password "Changeit" and the Certificate library type " JKs ". The Install/update interface in Notes is hidden by default and can be enabled by modifying the following file, which is \data\workspace\.metadata\.plugins\org.eclipse.core.runtime\ under the user Data directory of notes. Settings\com.ibm.notes.branding.prefs to set its enable.update.ui to true, you can see hidden menu items in File\application. If Com.ibm.notes.branding.prefs does not exist, you need to create a new file and set its content to "Enable.update.ui=true".

In the certificate library for signature Verification, if the signature checksum passes, the checksum completes, you can continue the plug-in installation process.

If the signature checksum fails in step 3, Notes will look for the preset plug-in signature verification failure processing policy and follow up on the policy settings accordingly.

The customer can set the appropriate policy in the deploy\ plugin_customization.ini configuration file in the installation package and specify the appropriate processing according to the corresponding value. For example, when the specified Com.ibm.rcp.security.update/untrusted_signature_policy is PROMPT, if the plug-in's signature is not trusted, a corresponding security warning box pops up for the user to choose from. You can also set the above item to deny, so that once the signature is not trusted, the installation is rejected directly and no prompts are made. By default, the value of this item is PROMPT.

Requirements for customizing the Notes installation package to preset Third-party plug-ins

After the customer has purchased notes, in addition to using the Out-of-the-box features provided by notes itself, such as messages, it is often developed two times based on the powerful platform capabilities offered by the notes underlying Java platform (i.e. Lotus Expeditor), which is based on notes for The enterprise itself needs a variety of functional plug-ins. At this point, the corresponding problem comes along, although Lotus Domino can implement central management functionality for each of the Notes clients, but only at the policy configuration level, not through Domino's strategy. So how can the enterprise development or purchase of third-party functional plug-ins securely and quickly deployed on all Notes clients? At this point, customizing the Notes installation package, out-of-the-way enterprise development or Third-party plug-ins become an option. In this process, the security of the plug-in source is clearly not overlooked, so after understanding the notes of the plug-in signature verification mechanism, for the above requirements, we can directly use the plug-in security check mechanism provided by the notes to ensure that the various configurations we do are safe enough.

Customizing the Notes installation package to securely preset a complete solution for Third-party plug-ins

The following is an example of a tested plug-in signed with a self-signed certificate to understand the full solution of a custom Notes installation package that securely presets a Third-party plug-in.

Prerequisite

Download and install the Java 2 Standard Edition (Java Development Kit) V5 and updated version

Download and install IBM Notes V8.5.3

Download IBM Lotus expeditor Toolkit V6.2.3

Download Eclipse version 3.4 or above and install Expeditor Toolkit to prepare Notes development debugging environment

You can find the appropriate Eclipse platform (Eclipse3.4 or above) on Eclipse Foundation and install Expeditor Toolkit through Eclipse's help \ Software update \ Find and install menu V6.2.3 , configure the Java development and debugging environment for Notes. The specific configuration process can refer to the product documentation for Expeditor Toolkit in Developerworks.

Detailed steps

1. Create unsigned Plug-ins

Here we will take a Test plug-in (Com.test.helloworld) as an example, the plug-in's function is to add an option under the Notes Open button (Hello view), click on this option will open a new view page, in the view We draw a button and click the button to pop up the message box and display the "Hello World" text message. The sample code can be obtained from the download section.

Figure 1. New "Hello View" option under the Open menu